Microsoft, Facebook oppose Kiwi spying Bill

Microsoft, Facebook oppose Kiwi spying Bill

Summary: Potential for a new interception legislation in New Zealand has been hit by another blow, with companies that may be subject to surveillance saying they will either have none or it, or it'll affect whether they do business in the country.


A number of technology companies, including Microsoft and Facebook and have criticised New Zealand's "Spying on Kiwis" Bill during a Law and Order Select Committee in Parliament Thursday, claiming that it could discourage US providers from offering services in the country.

The piece of draft legislation in question is the Telecommunications (Interception Capability and Security) Bill. It was first introduced into Parliament in May and referred to the Law and Order Committee for review. It sets out obligations that network operators must follow to assist in the interception of information in the interests of national security. Several companies and individuals have made submissions into the Bill, including Facebook, Huawei, Vodafone, Microsoft and the New Zealand Police Association.

On Thursday, however, representatives from Microsoft and Google fronted up to the committee and said that the pending legislation conflicted with existing legal arrangements in the US.

Fairfax NZ News reports that Microsoft corporate affairs manager Waldo Kuipers pointed to the US Electronic Communications Privacy Act as one example of conflicting legislation. It requires that US-based providers keep customer communications under wraps, in direct contravention of New Zealand requests for information.

"If the proposed law leads to a situation where a US-based provider must choose between breaking New Zealand law and breaking US law, where it is headquartered and based, they may be forced to withdraw their service from New Zealand," he said.

Kuiper's own submission for Microsoft (PDF) says that businesses would be discouraged from setting up businesses in New Zealand because the Bill does not make it clear who is required to meet the interception requirements.

"It is not difficult to see that technology providers will be more reluctant to invest in building new services in New Zealand or deploying them in New Zealand. Technology providers will be unable to plan for interception capability obligations with any certainty when building services."

From the network operators themselves, Telecom NZ notes in its submission (PDF) that the Bill misses the point by targeting the network layer and that application providers that sit "over the top (OTT)" of the network are beyond their control.

"In this day and age it is not realistic or sustainable to expect network operators to have the full responsibility to intercept over the top services that they do not have control over rather than enforcing against the application provider of those services themselves who do have control over those services," its submission notes.

The New Zealand Police Association's submission (PDF) has backed the Bill as it stands, but also made an acknowledgement of the very issue that Telecom has raised, questioning whether the encrypted communications would be able to be intercepted.

"The Committee should be aware that the clear potential exists for the use of 'over the top' application service providers (encrypted communications platforms which [are] operating on, but are not part of a communications network). In order to ensure interception capability obligations remain effective into the future, we suggest the Committee consider whether the bill's provisions are adequate to ensure coverage of such technologies," the Association's submission read.

Vodafone NZ states that the Bill should be modified to go after OTT providers such as Skype, WhatsApp, Snapchat and Viber. In its current form, Vodafone states that it could comply with an intercept request, but that "the communication would be unusable because it is encrypted by the OTT provider."

Facebook will have none of this, with its submission (PDF) recommending that the Committee clarify the Bill to ensure that social networks like itself are not subject to the legislation.

It criticised the broad approach of the Bill, calling for more specific laws where interception was concerned.

"We believe that narrow, targeted, proportional rules should always be preferred over blanket rules requiring interception and accessibility. Blanket rules requiring data retention and accessibility are blunt tools, which have the potential to infringe on civil liberties and constrain economic growth."

On the other hand, Huawei appears to be worried in its submission (PDF) that the Bill could represent another way to cut its operations out of the country without reason, in a similar manner to what has happened in Australia's National Broadband Network.

It worries that the Bill will exclude "particular vendors from being able to participate in key projects with little or no benefit for security outcomes" and calls for the government to establish a common, objective process to measure the security of hardware used for security assurance.

A few submissions suggested ways of providing fair testing would be to use Common Criteria, the international ISO 27001 standard for information security, or set up an industry-funded testing lab to create a New Zealand Security Evaluated Products Register.

Both Labour and Greens representatives have openly opposed the Bill, with Greens MP Steffan Browning stating that the Bill should be called the "TELCOs (Spying on Kiwis) Bill" or "TELCOs (Let's Get Hacked) Bill" when it was first read in parliament and that it is a "disgusting abuse of legislative power."

"What we are doing here is putting in laws to make it legal for those agencies to spy on us. We do not need to rely on them hacking in any more, because we are setting up laws for them to do it," he said.

Nationals MP and the Minister for Communications and Information Technology Amy Adams said that the Bill is necessary to ensure flexibility and responsiveness and that it simply formalises the close work that the government already does with telecommunications providers.

"The provisions in this bill will ensure that New Zealand’s telecommunications providers have a clear understanding of how to meet their interception obligations and will safeguard our telecommunications infrastructure. The bill will provide greater certainty and transparency for the telecommunications industry and the New Zealand public."

Labour MP Clare Curran has called it a "major and frightening expansion" of government powers and potentially a step towards an authoritarian approach to government.

"New Zealanders should be aware that this bill covers their email, their texts, Twitter, other social media, Skype, and private encrypted discussions through chat sites and cloud services such as Microsoft Lync, Dropbox, Google Drive, and Mega. It would include any business operating cloud services," she said.

Lastly, New Zealand First appears to be sitting on the fence, with Richard Prosser MP stating that it would support the Bill, but on the conditions that there are sufficient oversights and safeguards put in place to protect New Zealanders' rights.

"If [national security] objectives can be met and at the same time the freedoms, rights, and civil liberties of New Zealanders can be assured, then New Zealand First has no issue with supporting this bill."

The Committee is due to present its report on the Bill by September 20.

Topics: New Zealand, Government, Microsoft, Privacy, Security

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • NZ is starting to look like the DPRK

    Pretty soon, they will be another third world internet backwater, with connectivity to each other and the government being the only available services.
  • NZ Law.

    American companies have no problem complying with American laws but freely refuse to comply with the laws of other countries. since when do you get to pick and choose which laws apply to you and which one don't?
    • Exactly

      So NZ is formalising the fact that they already collect this data? I'm fairly certain that NZ is part of Echelon and as a result would have access to the majority of this data already. I wonder if this is in response to what has happened in the US. NZ has decided to go the "transparent" route to avoid the potential issues the US is now facing due to the "Snowden effect".
  • Pretty Simply really -- Advise the US that the TPP is off.

    It is easy to toddle around and sell BS. I watched the Microsoft presentation to the Australian government committee. What a heavy handed flip off. Now they are trying the same in NZ.

    It is simple. Tell the US government that the TPP is off. They are the ones that want it... we are the countries stupid enough to be even negotiating.